One of the vexing issues facing enterprises today – is how to realize the administrative cost savings and increase user functionality of Cisco’s ASA SSL VPN offering. Many CIO’s have trouble with the implementation of a migration solution. Ensuring secure remote access with user and enterprise friendly solutions can be a difficult challenge indeed. Looking for a solution can be time consuming. I recently learned of some new solutions that not only help facilitate the transition to SSL VPN from a traditional IPsec-based solution, but that make the entire process more user and administrator friendly.Ensuring a secure user authentication in the process, one that is deployable to both the enterprise and end user has been a challenge for many CIO’s until recently. When you have a NON-X.509 Authentication via Cisco IPSec VPN, the connection is created through the VPN tunnel through the Cisco IPSec client and a Cisco IPSec supporting appliance (VPN 3000 Concentrator, PIX Firewall, Cisco Routers, etc). In this scenario, the authentication is currently username/password or tokens. In using an IPSec User VPN Deployment, the Cisco IPSec client utilizes authentication other than secure X.509 bilateral authentication.In addition to the authentication being insecure – the organization is also at risk with a “Shared Authentication” key being utilized for encryption. This means that even if the organization is utilizing tokens (hard or soft) for authentication – the encryption is still a mere password – and thus vulnerable to attack.Often times by adding a Cisco ASA and secure authentication appliance into the enterprise, the CIO can enroll users with X.509 Certificates and new user IPSec profiles. By enabling X.509 Authentication on the Cisco IPSec appliance with the new certificates and user profiles, an enterprise can more effectively create secure remote access. One of the advantages here is that the enterprise, at this time, does not need to purchase a large SSL VPN license – a simple 2 to 25 user license will suffice.The enterprise simply utilizes the ASA for the deployment of X.509 credentials and new IPSec user profiles. Utilizing a secure authentication appliance allows a quick a plug into the enterprise in a matter of hours. Certificate creation, SMS Text Messages and Telephony OTPs can be handled via secure and world-unique set of WSE 3.0 Web Services.Enterprises have been searching for a methodology to migrate from traditional IPSec VPNs to the nimbler and more-user friendly SSL VPN solutions. There a number of resources available that help with migrations. Signing up for a webinar series on IPSec and SSL VPNs would be a quick way to get up to speed and learn about the potential challenges and get ideas for addressing them. Additionally you might find information on the technical requirements for deploying a secure, productive, scalable, and reliable remote access VPN environment.
cisco ssl vpn, 2-factor authentication, secure remote access